From b5ad514161c41fa763e656c745d1594b220c4450 Mon Sep 17 00:00:00 2001
From: Benoit Lavenier <benoit.lavenier@e-is.pro>
Date: Mon, 15 May 2023 16:26:32 +0200
Subject: [PATCH] Validate pubkey format when calling
 /wot/requirements/:search?pubkey

---
 app/modules/bma/lib/controllers/wot.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/modules/bma/lib/controllers/wot.ts b/app/modules/bma/lib/controllers/wot.ts
index d408c3a61..99dda6b48 100644
--- a/app/modules/bma/lib/controllers/wot.ts
+++ b/app/modules/bma/lib/controllers/wot.ts
@@ -189,6 +189,10 @@ export class WOTBinding extends AbstractController {
     const search = await ParametersService.getSearchP(req);
     let identities: any = [];
     if (req.query.pubkey) {
+      const matches = search.match(BMAConstants.PUBLIC_KEY);
+      if (!matches) {
+        throw BMAConstants.ERRORS.NO_IDTY_MATCHING_PUB_OR_UID;
+      }
       identities = await this.IdentityService.searchIdentitiesByPubkey(search);
     }
     else {
-- 
GitLab